pam_login_access vs. pam_access
Thorsten Kukuk
kukuk at suse.de
Wed Feb 1 08:21:00 UTC 2006
On Tue, Jan 31, Mike Becher wrote:
> 1) My patch includes creation of missed manual login.access.5.
Yes, that needs to be removed from Makefile.am. I discussed this with
the other main Linux-PAM developers and we agree that we don't wish to
have the compat code in it.
> 2) If we check if inet_ntop, inet_pton and yp_get_default_domain exists
> then we should provide some alternativ if configure will them not found.
That's something which needs to be fixed in another way. Instead of
yp_get_default_domain domainname() should be used. Meand we would also
get ride of -lnsl. But are there really systems which don't provide
that function?
> 3) Some correctness in access.conf.5.
Are there real content changes? I could only find reformating.
access.conf.5 is now generated from a xml file, I fixed all the bugs
in it yesterday evening, attached is my latest revesion.
I removed for example this "su" service from it, su sets PAM_TTY, so
a rule with servie "su" will never work. Services, which set PAM_RHOSTS
or PAM_TTY cannot by used with their name.
There where also comments about group membership, but pam_access does not
have code for this.
Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk at suse.de
SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pam_access.diff.gz
Type: application/x-gunzip
Size: 11463 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pam-list/attachments/20060201/ca119956/attachment.bin>
More information about the Pam-list
mailing list